Read a file with only execute permission?

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 02:03:12



        I am trying to find a way to view the source of a shellscript
to which the author has granted only execute permission. He wants his
Unix version of this utility to be the only way to perform the task --
I want to just write it into a Windows program I'm writing and save
the trouble of logging into the Unix server to perform *one* step in a
complex process. Surely there is some way I can view a file if I have
rights to execute it, right? This is a UnixWare7 server. Any help
appreciated. Since it's ego and not practicality that drives him to
keep this secret, I'd like to get at it despite his efforts and knock
him down a notch. TIA!
 
 
 

Read a file with only execute permission?

Post by p.. » Sat, 29 Dec 2001 02:43:38



>    I am trying to find a way to view the source of a shellscript
> to which the author has granted only execute permission. He wants his
> Unix version of this utility to be the only way to perform the task --
> I want to just write it into a Windows program I'm writing and save
> the trouble of logging into the Unix server to perform *one* step in a
> complex process. Surely there is some way I can view a file if I have
> rights to execute it, right? This is a UnixWare7 server. Any help
> appreciated. Since it's ego and not practicality that drives him to
> keep this secret, I'd like to get at it despite his efforts and knock
> him down a notch. TIA!

Root can always read a file ...

But why care, you could run his script via ssh anyway, just make use
of "public.key authorization" and you should be able to run a
command without having to enter username/password.

putty is one of the free ssh-clients available for wintendo. google will
show you a ftp-server.

--
Peter H?kanson        
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
           Remove "icke-reklam" and it works.

 
 
 

Read a file with only execute permission?

Post by Barry Margoli » Sat, 29 Dec 2001 03:54:11




>    I am trying to find a way to view the source of a shellscript
>to which the author has granted only execute permission. He wants his
>Unix version of this utility to be the only way to perform the task --
>I want to just write it into a Windows program I'm writing and save
>the trouble of logging into the Unix server to perform *one* step in a
>complex process. Surely there is some way I can view a file if I have
>rights to execute it, right?

You seem to have a pretty low opinion of Unix security if you think there
"surely" must be a way to bypass its access checks.

If it's on an NFS server and you have root access on an NFS client he
exports to, you could su to his userid and read it.  Or you could patch the
NFS client so it doesn't perform access checks before sending the read
request to the server; NFS servers have to allow someone to read a file if
they have execute permission, because there's no way for the server to know
whether the page is being read for the purpose of viewing or executing, so
the server depends on the client making this distinction.

Quote:>                          This is a UnixWare7 server. Any help
>appreciated. Since it's ego and not practicality that drives him to
>keep this secret, I'd like to get at it despite his efforts and knock
>him down a notch. TIA!

This seems extremely presumptuous of you.  If someone wishes to keep
something a secret, why can't you respect his wishes.  He may be
egotistical, but you're rude.

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 07:54:17




Quote:>>                              This is a UnixWare7 server. Any help
>>appreciated. Since it's ego and not practicality that drives him to
>>keep this secret, I'd like to get at it despite his efforts and knock
>>him down a notch. TIA!

>This seems extremely presumptuous of you.  If someone wishes to keep
>something a secret, why can't you respect his wishes.  He may be
>egotistical, but you're rude.

This was a technical question, not an ethical one. Your advice is
appreciated but your opinion is not. Rude is making unsolicited
judgments about people you don't know in situations to which you are
not privy. Stay on topic. Thanks for the pointers.
 
 
 

Read a file with only execute permission?

Post by Barry Margoli » Sat, 29 Dec 2001 08:08:49






>>>                          This is a UnixWare7 server. Any help
>>>appreciated. Since it's ego and not practicality that drives him to
>>>keep this secret, I'd like to get at it despite his efforts and knock
>>>him down a notch. TIA!

>>This seems extremely presumptuous of you.  If someone wishes to keep
>>something a secret, why can't you respect his wishes.  He may be
>>egotistical, but you're rude.

>This was a technical question, not an ethical one. Your advice is
>appreciated but your opinion is not. Rude is making unsolicited
>judgments about people you don't know in situations to which you are
>not privy. Stay on topic. Thanks for the pointers.

If I had responded only with my opinion about you, your complaint would be
justified.  But I also posted useful technical information.  There's no
such thing as a free lunch -- if I volunteer advice, I think I have the
right to append some commentary about how it should be used if I think it's
appropriate.  As system administrators and security experts we're often
required to consider the ethical consequences of our actions.

You basically asked how to break security in a forum devoted to discussing
improving security.  Did you really expect to get by unscathed?  If you
want the kind of answers you're looking for, you should post in a cracker's
group rather than a security group.  You'll find plenty of people who think
like you and they'll be happy to help you.

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

Read a file with only execute permission?

Post by svek » Sat, 29 Dec 2001 08:11:27


"Since it's ego and not practicality that drives him to
keep this secret, I'd like to get at it despite his efforts and knock
him down a notch. TIA!"

The question might be technical but you made it an ethic issue by stating
this yourself.
Why don't you just write your own script? If that's all you need in a
complex program why not write it yourself, with the help of news group
communities which are often more than willing to help solving problems the
legal way...

/svek

 
 
 

Read a file with only execute permission?

Post by Marc Spitz » Sat, 29 Dec 2001 08:24:14






>>>                          This is a UnixWare7 server. Any help
>>>appreciated. Since it's ego and not practicality that drives him to
>>>keep this secret, I'd like to get at it despite his efforts and knock
>>>him down a notch. TIA!

>>This seems extremely presumptuous of you.  If someone wishes to keep
>>something a secret, why can't you respect his wishes.  He may be
>>egotistical, but you're rude.

> This was a technical question, not an ethical one. Your advice is
> appreciated but your opinion is not. Rude is making unsolicited
> judgments about people you don't know in situations to which you are
> not privy. Stay on topic. Thanks for the pointers.

Actually it is an ethical question, first do you know or just beleive
it is ok for you to read it?  Another thing is even if it is
harmless the owner wants to keep it private and he is intitled to do
so.  But you want to embaris him so its ok.  

You are engaging in imm*and anitsocial behavior and you are too
ignorant and/or lazy and/or stupid to do your own research so you
posted to a public forum and then complain about people pointing out
your lack of ethical/m*behavior.

One last thing this is an unmoderated news group we can discuss what
ever we want.  And in my oppinion ethics does apply to security.  

marc

 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 08:36:54




>"Since it's ego and not practicality that drives him to
>keep this secret, I'd like to get at it despite his efforts and knock
>him down a notch. TIA!"

>The question might be technical but you made it an ethic issue by stating
>this yourself.
>Why don't you just write your own script? If that's all you need in a
>complex program why not write it yourself, with the help of news group
>communities which are often more than willing to help solving problems the
>legal way...

        To put it succinctly, he works in programming and I work in
deployment. He makes it work in the lab and I make it work in the real
world. This all started when he was showing me the procedure he had
developed to do this, and I stated that I would perform the same
operations as his shellscript, but would use a C program in Windows so
our people would not have to do half in Windows, 2% in Unix, then the
other 48% in Windows. The script was readable by me until that day,
when he restricted it to execute only. It was a clear response to the
threat of having his coding rendered superfluous.

        As to why I don't just do it myself, his department wrote the
part of our software that interprets the files after they have been
run through the script, so only they know what the finished product
should be in order to be valid input for the software which will
ultimately use it. The handful of parses, appendices, and conversions
he did in his script (which I saw freely until I mentioned I was going
to build them into my Windows program) would be simple to implement --
I need to know what to parse out and what to append, though, and only
he knows that. This is not some elaborate piece of code he spent days
working on. He knew to remove a few chunks here and there, add a line
or two here, and write the file out. He knew this because he has the
blueprint for the finished product. This is a situation where ego is
getting in the way of productivity, and while I'm not going to make a
case of it and tell management he's interfering with my ability to do
my job (whistle-blowing is not in my nature), I *do* think I'm well
within my rights to try and circumvent his ego.

        I had no idea asking a simple question was going to get me
attacked. I felt no cumpulsion to explain why my actions are right
because I harbored no unconscious belief that they are wrong.
Apparently, though, the respondents feel differently.

 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 08:52:29




Quote:>If I had responded only with my opinion about you, your complaint would be
>justified.  But I also posted useful technical information.  There's no
>such thing as a free lunch -- if I volunteer advice, I think I have the
>right to append some commentary about how it should be used if I think it's
>appropriate.  As system administrators and security experts we're often
>required to consider the ethical consequences of our actions.

        I'll accept this point. You did provide something which might
prove useful. It was not your suggestion that it might be less than
ethical for me to use it that bothered me. It was the characterization
that it's rude. That part was a value judgment and was out of line.

Quote:>You basically asked how to break security in a forum devoted to discussing
>improving security.  Did you really expect to get by unscathed?  If you
>want the kind of answers you're looking for, you should post in a cracker's
>group rather than a security group.  You'll find plenty of people who think
>like you and they'll be happy to help you.

        Discussing holes in security is pretty important if in fact
the purpose of this group is to improve security. I mistakenly
believed this group was here for the discussion of security in
general, not solely for system administrators to talk about keeping
out people like me. My unpopular (yet on-topic) speech is every bit as
relevant to this group as anything you've said.

        In any case, it's clear that I am not welcome, and rather than
trying to show why I should be I'll just bow out...

 
 
 

Read a file with only execute permission?

Post by svek » Sat, 29 Dec 2001 09:00:28


This is a situation where ego is

Quote:> getting in the way of productivity, and while I'm not going to make a
> case of it and tell management he's interfering with my ability to do
> my job (whistle-blowing is not in my nature), I *do* think I'm well
> within my rights to try and circumvent his ego.

Some things just doesn't add up here, why would you not report this if it
interfers with your job, and if you were supposed to do this then you would
surely had been given the information to be able to do it, no employer gives
someone in the staff a job but not the documentation to do it since that
wouldn't work.
The only solution I can think of here, if you don't have the
information/documentation or if you don't report him, is that you are not
authorized to do this sort of thing in this project.

/svek

 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 09:00:58




Quote:>Actually it is an ethical question, first do you know or just beleive
>it is ok for you to read it?  Another thing is even if it is
>harmless the owner wants to keep it private and he is intitled to do
>so.  But you want to embaris him so its ok.  

>You are engaging in imm*and anitsocial behavior and you are too
>ignorant and/or lazy and/or stupid to do your own research so you
>posted to a public forum and then complain about people pointing out
>your lack of ethical/m*behavior.

>One last thing this is an unmoderated news group we can discuss what
>ever we want.  And in my oppinion ethics does apply to security.  

        What a lovely method of discussion you have. Clearly you are a
credit to both your occupation and this group. In the future, when you
feel compelled to needlessly bash someone ad hominem rather than
actually discuss a topic, you might want to run a spell check. While
it amuses me when someone calls me stupid who can spell neither
entitled nor embarrass, I think it detracts from the effectiveness of
your insults.
 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 09:12:28



>Some things just doesn't add up here, why would you not report this if it
>interfers with your job, and if you were supposed to do this then you would
>surely had been given the information to be able to do it, no employer gives
>someone in the staff a job but not the documentation to do it since that
>wouldn't work.
>The only solution I can think of here, if you don't have the
>information/documentation or if you don't report him, is that you are not
>authorized to do this sort of thing in this project.

        I'm authorized but not obligated. Essentially, a system has
been developed by our programming staff to perform a given task. They
love the Unix prompt, and as programming trolls who live in their
cubicles and never see the light of day, this is all well and good for
them. The other 450 people at our office would rather have a pretty,
user-friendly way of doing this same task, and since my job is to make
the underlying programs workable by the lay user, I try to spruce it
up when they make it completely effective but woefully ugly. Their job
is function. Mine is form. He has done everything he is required to
do, nothing more. I can just disseminate this to the masses, or try to
improve upon it. I chose the latter. He felt threatened and closed the
door on me. I have every right to go to someone and say he's stopping
me from making it better, but in the end that only serves to make him
look bad and me look petty. By sidestepping the security he never
should have put in place, I make the product better, the users
happier, and don't have to make him look bad to anyone but himself.
 
 
 

Read a file with only execute permission?

Post by svek » Sat, 29 Dec 2001 09:21:34


A wise answer I must say, though I do not agree with Unix prompt being ugly
and there is always Xwindow if you do but that is not the issue.
Why not duing this by trying to reason with him?
If that doesn't work then I assume you could always use a sniffer to capture
the traffic between the client and the server and from there figuring out
what the script is doing, otherwise you could bruteforce his account
password.
I strongly discourage you from doing either since if you are detected you
could lose your job or be prosecuted even for intrusion.

/svek


> I'm authorized but not obligated. Essentially, a system has
> been developed by our programming staff to perform a given task. They
> love the Unix prompt, and as programming trolls who live in their
> cubicles and never see the light of day, this is all well and good for
> them. The other 450 people at our office would rather have a pretty,
> user-friendly way of doing this same task, and since my job is to make
> the underlying programs workable by the lay user, I try to spruce it
> up when they make it completely effective but woefully ugly. Their job
> is function. Mine is form. He has done everything he is required to
> do, nothing more. I can just disseminate this to the masses, or try to
> improve upon it. I chose the latter. He felt threatened and closed the
> door on me. I have every right to go to someone and say he's stopping
> me from making it better, but in the end that only serves to make him
> look bad and me look petty. By sidestepping the security he never
> should have put in place, I make the product better, the users
> happier, and don't have to make him look bad to anyone but himself.

 
 
 

Read a file with only execute permission?

Post by greyf.. » Sat, 29 Dec 2001 09:38:09



>A wise answer I must say, though I do not agree with Unix prompt being ugly
>and there is always Xwindow if you do but that is not the issue.

        I respect the power of Unix. In fact, the bulk of our critical
applications work in a Unix environment exclusively, with Windows
being only a portal to access it. I'm actually quite comfy with the
command line; the "ugly" was more from the general perspective than
mine personally. I wish they'd let us use XWindows, but the higher-ups
say it's a drain on the system to impose a GUI, so they disable it.
C'est la vie.

Quote:>Why not duing this by trying to reason with him?

        It's possible that I could just persuade him. I guess the big
reason I haven't tried is that I was offended by his reaction. It
irritated me, and clearly for him to take such a deliberate step he
must feel pretty strongly about keeping me from removing his code from
the loop for this process.I think it's more about a Unix versus NT
pissing contest than anything else.

Quote:>If that doesn't work then I assume you could always use a sniffer to capture
>the traffic between the client and the server and from there figuring out
>what the script is doing, otherwise you could bruteforce his account
>password.

        Nah... I won't go as far as trying to hack his account. My
manager can access the file if I get that desperate. In the end, if
there is not some creative and stylish way I can get around him, I'll
just leave it be. This is new technology for us; once it gets into
more common use and enough people ask for a Windows solution, it will
come across my desk. If nothing else, I'll win in the end. I just
didn't want to wait. ;-)

        I appreciate the advice. Thanks.

 
 
 

Read a file with only execute permission?

Post by Marc Spitz » Sat, 29 Dec 2001 09:57:17






>>Actually it is an ethical question, first do you know or just beleive
>>it is ok for you to read it?  Another thing is even if it is
>>harmless the owner wants to keep it private and he is intitled to do
>>so.  But you want to embaris him so its ok.  

>>You are engaging in imm*and anitsocial behavior and you are too
>>ignorant and/or lazy and/or stupid to do your own research so you
>>posted to a public forum and then complain about people pointing out
>>your lack of ethical/m*behavior.

>>One last thing this is an unmoderated news group we can discuss what
>>ever we want.  And in my oppinion ethics does apply to security.  

>    What a lovely method of discussion you have. Clearly you are a
> credit to both your occupation and this group. In the future, when you
> feel compelled to needlessly bash someone ad hominem rather than
> actually discuss a topic, you might want to run a spell check. While
> it amuses me when someone calls me stupid who can spell neither
> entitled nor embarrass, I think it detracts from the effectiveness of
> your insults.

I admit it I forgot to run ispell, but I do not go around asking for
information about how to crack other peoples accounts and then get
upset when people tell me it the wrong thing to do.  If you have a
legitimate reason to have access to the information then use legitimate
channels.  What you were asking for was help doing something that is
illegal in may places and grounds for disciplinary action by your
employer.  Remember this is stored in google forever and you asked for
help on how to engage in the type of behavior that no one wants their
employees to engage in *on there own initiative*.  

marc

 
 
 

1. Is it possible to have execute permissions without read permissions?

Does anyone know if it is possible to give a user execute permissions on a
file, but not to let them read what is contained within that file?

The case in question is a script with contains some sensitive data
(password) is required to be run by another user, but I don't want them to
see the text in the file. I have searched for information, but only seem to
have turned up details about directories which can be changed to but the
contents cannot be read.

I have tried suid but it still doesn't seem to work.

Any suggestions would be gratefully accepted.

Cheers,

Iain.

2. How to connect to internet with modem in Linux?

3. Read a file with only execute permission?

4. Volume Manager - How to install

5. How to create a file with read, write, and execute permissions?

6. Get processor id's ?

7. How to reset permissions on file with no read permissions

8. Please explain modes in X386

9. executing scripts without read permission

10. NFS read/execute permission

11. Finding if read/write/execute permissions

12. Read and Execute Permissions of a directory

13. Mounting CD's on AIX with execute permissions on files.